On 09.11.2008, at 16:25, Ian G wrote:

Eddy Nigg wrote:

Now I'm interested in getting rid of self-signed certificates if possible. They undermine "legitimate" certificates and put the majority of users under an unneeded risk. That's one of my goals today!

It seems that Eddy and Nelson are in the anti-self-signed-certs camp, and I would join Kyle in the pro-self-signed-certs camp.

Do others have strong-enough feelings? I'm searching for a way here to show one side or the other which way the wind is blowing.

I'm in the camp of giving the user an option to make her own trust decisions - be it self signed or CA certificates. And in the camp of tearing down the current business model of "trust" on the internet.

Pre-made decisions which is the 'we decide which is best for you' in the form of 'trusted root certificates' and 'go away, you get killed' style dialogs on unknown root certs in Firefox are bad.

For example, in Estonia we could choose to get a business registrar verified certificate for a web service that targets Estonian ID-card holders, so it could be a nice closed loop: national CA, national CA issued client certificates on the smart card, national CA issued and verified web server certificate.

But we run with 20$ domain verified GoDaddy and see no difference, and the key here is that our users see no difference either. They don't care if the address bar turns red or green or purple; if it doesn't nag then it's OK. In our case the decision to trust our system is based on other factors than the certificate.

I believe that "fixing" broken PKI with EV certs and such is a dead end (yet a good money maker for some) and it has little to do with giving better trust decision making options to the end user.

Currently there are two (generalized) options for an average Joe: have no control over trust decisions made based on certificates (the ~50 pre-defined CAs in the authority list built into Firefox make the decision), or be scared the hell out with the 'add trust exception' (why not 'add explicit trust').




--
Martin Paljak
http://martin.paljak.pri.ee
+372.515.6495
